[cairo] [PATCH 1/2] xlib: Don't crash when swapping a 0-sized glyph

Adam Jackson ajax at redhat.com
Fri Oct 31 10:21:14 PDT 2014


malloc(0) needn't return NULL, and on glibc, doesn't.  Then we encounter
a loop of the form do { ... } while (--c), which doesn't do quite what
you were hoping for when c is initially 0.

Since there's nothing to swap in this case, just bomb out.

Signed-off-by: Adam Jackson <ajax at redhat.com>
---
 src/cairo-xlib-render-compositor.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/cairo-xlib-render-compositor.c b/src/cairo-xlib-render-compositor.c
index 74c43e9..e38a659 100644
--- a/src/cairo-xlib-render-compositor.c
+++ b/src/cairo-xlib-render-compositor.c
@@ -1251,6 +1251,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
 	    unsigned char   *d;
 	    unsigned char   *new, *n;
 
+	    if (c == 0)
+		break;
+
 	    new = malloc (c);
 	    if (!new) {
 		status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
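Review bot: the new `if (c == 0) break;` carries no explanation of why a zero count is special, so a later cleanup could drop it as a no-op; a one-line comment tying it to the `do { ... } while (--c)` loop that follows (which wraps c and runs off the end of the `malloc (c)` buffer, as the commit message describes) would protect it, e.g. `/* c == 0 would wrap in the do/while below; nothing to swap */`. Also note that `new` is declared but still unassigned when the `break` fires; the hunk does not show what runs after the enclosing block, so it is worth confirming that nothing there reads `new` or `n` on this path.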
@@ -1276,6 +1279,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
 	    const uint32_t *d;
 	    uint32_t *new, *n;
 
+	    if (c == 0)
+		break;
+
 	    new = malloc (4 * c);
 	    if (unlikely (new == NULL)) {
 		status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
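Review bot: this is the same guard duplicated for the 32-bit path, and again without a comment; whatever wording goes on the first one should be repeated here. Separately, the commit message says "just bomb out" but both hunks `break` rather than return an error, so the message (or the comment) should state plainly that a 0-sized glyph is deliberately passed on unswapped instead of being rejected, since those are different behaviours for the caller.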
-- 
1.7.12.1
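To make the failure mode in the commit message concrete, here is an added illustration (not cairo's code): a bounded model of the unguarded `do { ... } while (--c)` loop that reports how many writes it would attempt for a given c, next to a guarded swap in the shape of the patched code. `bswap32` is an assumed portable helper, and the sample words in the usage are constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Portable 32-bit byte swap (an assumed helper, not cairo's own). */
static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Model of the unguarded `do { ... } while (--c)` loop: count the element
 * writes it attempts before stepping past a buffer of buf_len elements.
 * With c == 0 the decrement wraps to UINT_MAX, so the loop only stops at
 * the bound: every write after the first lands outside the allocation. */
size_t unguarded_writes(unsigned c, size_t buf_len)
{
    size_t writes = 0;
    do {
        if (writes >= buf_len)
            return writes;          /* would write past the buffer here */
        writes++;
    } while (--c);
    return writes;
}

/* Guarded version in the shape of the patched code: swap c 32-bit words
 * of src into a fresh heap buffer.  Returns the number of words swapped
 * (0 for c == 0, leaving *out NULL) or -1 if malloc fails. */
long swap_glyph32(const uint32_t *src, unsigned c, uint32_t **out)
{
    const uint32_t *d = src;
    uint32_t *buf, *n;

    *out = NULL;
    if (c == 0)
        return 0;                   /* the fix: never enter the loop with c == 0 */
    buf = malloc(4 * (size_t) c);   /* malloc(0) is never reached */
    if (buf == NULL)
        return -1;
    n = buf;
    do {
        *n++ = bswap32(*d++);
    } while (--c);
    *out = buf;
    return (long) (n - buf);
}
```

With c = 0 and a 16-element scratch buffer, `unguarded_writes` reports 16 attempted writes (it stops only at the bound), while `swap_glyph32` returns 0 without touching the heap.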